decode-teredo-01: update for dns v3 logging
authorJason Ish <jason.ish@oisf.net>
Thu, 4 Jul 2024 23:25:43 +0000 (17:25 -0600)
committerVictor Julien <victor@inliniac.net>
Tue, 9 Jul 2024 10:15:24 +0000 (12:15 +0200)
tests/decode-teredo-01/test.yaml

index fa107662a55d417ac20a1cd1bd5946f2e0f3bf3f..26ae4484cff8eb6f6d072801190eb9a523f0d5a6 100644 (file)
@@ -6,6 +6,25 @@ args:
 
 checks:
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.id: 16995
+      dns.queries[0].rrname: ipv6.google.com
+      dns.queries[0].rrtype: AAAA
+      dns.tx_id: 0
+      dns.type: request
+      event_type: dns
+      pcap_cnt: 21
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
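Review bot: The new `min-version: 8` request filter does not pin the log format version, while every response filter added in this commit asserts `dns.version: 3`. If v3 request records also carry that field (the `dns.queries[0]` keys suggest they already use the new layout), adding `dns.version: 3` under `match:` would make a fallback to the older format fail on a named key rather than only on the missing `queries` array. The same applies to the request filters added for `dns.id` 19995, 38477, 26746 and 34278 in the later hunks. The `lt-version: 8` filter that follows continues past the end of this hunk.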
@@ -21,6 +40,68 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1920
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.answers[0].rdata: ipv6.l.google.com
+      dns.answers[0].rrname: ipv6.google.com
+      dns.answers[0].rrtype: CNAME
+      dns.answers[0].ttl: 8655
+      dns.answers[1].rdata: 2001:4860:0000:2001:0000:0000:0000:0068
+      dns.answers[1].rrname: ipv6.l.google.com
+      dns.answers[1].rrtype: AAAA
+      dns.answers[1].ttl: 300
+      dns.authorities[0].rdata: a.l.google.com
+      dns.authorities[0].rrname: l.google.com
+      dns.authorities[0].rrtype: NS
+      dns.authorities[0].ttl: 77923
+      dns.authorities[1].rdata: b.l.google.com
+      dns.authorities[1].rrname: l.google.com
+      dns.authorities[1].rrtype: NS
+      dns.authorities[1].ttl: 77923
+      dns.authorities[2].rdata: c.l.google.com
+      dns.authorities[2].rrname: l.google.com
+      dns.authorities[2].rrtype: NS
+      dns.authorities[2].ttl: 77923
+      dns.authorities[3].rdata: d.l.google.com
+      dns.authorities[3].rrname: l.google.com
+      dns.authorities[3].rrtype: NS
+      dns.authorities[3].ttl: 77923
+      dns.authorities[4].rdata: e.l.google.com
+      dns.authorities[4].rrname: l.google.com
+      dns.authorities[4].rrtype: NS
+      dns.authorities[4].ttl: 77923
+      dns.authorities[5].rdata: f.l.google.com
+      dns.authorities[5].rrname: l.google.com
+      dns.authorities[5].rrtype: NS
+      dns.authorities[5].ttl: 77923
+      dns.authorities[6].rdata: g.l.google.com
+      dns.authorities[6].rrname: l.google.com
+      dns.authorities[6].rrtype: NS
+      dns.authorities[6].ttl: 77923
+      dns.flags: '8180'
+      dns.grouped.AAAA[0]: 2001:4860:0000:2001:0000:0000:0000:0068
+      dns.grouped.CNAME[0]: ipv6.l.google.com
+      dns.id: 16995
+      dns.qr: true
+      dns.ra: true
+      dns.rcode: NOERROR
+      dns.rd: true
+      dns.queries[0].rrname: ipv6.google.com
+      dns.queries[0].rrtype: AAAA
+      dns.type: response
+      dns.version: 3
+      event_type: dns
+      pcap_cnt: 22
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
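Review bot: The IPv6 values at `dns.answers[1].rdata` and `dns.grouped.AAAA[0]` are plain scalars made of digits and colons, whereas `dns.flags` in the same filter is quoted. YAML 1.1 loaders resolve some digit-and-colon scalars as base-60 numbers; this address does not appear to match that pattern, but quoting it removes the dependency on the loader: `dns.answers[1].rdata: '2001:4860:0000:2001:0000:0000:0000:0068'`, and likewise for the `dns.grouped.AAAA[0]` line. The `lt-version: 8` filter after it continues outside the hunk.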
@@ -79,6 +160,25 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1920
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.id: 19995
+      dns.queries[0].rrname: ipv6.google.com
+      dns.queries[0].rrtype: A
+      dns.tx_id: 2
+      dns.type: request
+      event_type: dns
+      pcap_cnt: 23
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
@@ -116,6 +216,45 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1578
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.answers[0].rdata: ipv6.l.google.com
+      dns.answers[0].rrname: ipv6.google.com
+      dns.answers[0].rrtype: CNAME
+      dns.answers[0].ttl: 8655
+      dns.authorities[0].rrname: l.google.com
+      dns.authorities[0].rrtype: SOA
+      dns.authorities[0].soa.expire: 1800
+      dns.authorities[0].soa.minimum: 60
+      dns.authorities[0].soa.mname: c.l.google.com
+      dns.authorities[0].soa.refresh: 900
+      dns.authorities[0].soa.retry: 900
+      dns.authorities[0].soa.rname: dns-admin.google.com
+      dns.authorities[0].soa.serial: 1345503
+      dns.authorities[0].ttl: 60
+      dns.flags: '8180'
+      dns.grouped.CNAME[0]: ipv6.l.google.com
+      dns.id: 19995
+      dns.qr: true
+      dns.ra: true
+      dns.rcode: NOERROR
+      dns.rd: true
+      dns.queries[0].rrname: ipv6.google.com
+      dns.queries[0].rrtype: A
+      dns.type: response
+      dns.version: 3
+      event_type: dns
+      pcap_cnt: 24
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
@@ -151,6 +290,25 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1920
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.id: 38477
+      dns.queries[0].rrname: www.wireshark.org
+      dns.queries[0].rrtype: AAAA
+      dns.tx_id: 4
+      dns.type: request
+      event_type: dns
+      pcap_cnt: 58
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
@@ -166,6 +324,31 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1920
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.aa: true
+      dns.flags: '8580'
+      dns.id: 38477
+      dns.qr: true
+      dns.ra: true
+      dns.rcode: NOERROR
+      dns.rd: true
+      dns.queries[0].rrname: www.wireshark.org
+      dns.queries[0].rrtype: AAAA
+      dns.type: response
+      dns.version: 3
+      event_type: dns
+      pcap_cnt: 59
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
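Review bot: The `min-version: 8` response filter for `dns.id: 38477` asserts only keys that must be present, so it still matches with `count: 1` if the record also carried an answers section. If the runner's `not-has-key` matcher is usable in this filter, `not-has-key: dns.answers` would pin the empty answer section that this NOERROR reply appears to have. The REFUSED response filter for `dns.id: 26746` two hunks further down has the same gap, and there the cleared RA bit is covered only through the `'8505'` flags string.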
@@ -206,6 +389,25 @@ checks:
       src_port: 1578
       tx_id: 0
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.id: 26746
+      dns.queries[0].rrname: www.wireshark.org.gateway.2wire.net
+      dns.queries[0].rrtype: AAAA
+      dns.tx_id: 6
+      dns.type: request
+      event_type: dns
+      pcap_cnt: 60
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
@@ -221,6 +423,30 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1920
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.aa: true
+      dns.flags: '8505'
+      dns.id: 26746
+      dns.qr: true
+      dns.rcode: REFUSED
+      dns.rd: true
+      dns.queries[0].rrname: www.wireshark.org.gateway.2wire.net
+      dns.queries[0].rrtype: AAAA
+      dns.type: response
+      dns.version: 3
+      event_type: dns
+      pcap_cnt: 61
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
@@ -241,6 +467,25 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1920
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.id: 34278
+      dns.queries[0].rrname: www.wireshark.org
+      dns.queries[0].rrtype: A
+      dns.tx_id: 8
+      dns.type: request
+      event_type: dns
+      pcap_cnt: 62
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1
@@ -256,6 +501,36 @@ checks:
       src_ip: 192.168.2.16
       src_port: 1920
 - filter:
+    requires:
+      min-version: 8
+    count: 1
+    match:
+      dest_ip: 192.168.2.1
+      dest_port: 53
+      dns.aa: true
+      dns.answers[0].rdata: 67.228.110.120
+      dns.answers[0].rrname: www.wireshark.org
+      dns.answers[0].rrtype: A
+      dns.answers[0].ttl: 14400
+      dns.flags: '8580'
+      dns.grouped.A[0]: 67.228.110.120
+      dns.id: 34278
+      dns.qr: true
+      dns.ra: true
+      dns.rcode: NOERROR
+      dns.rd: true
+      dns.queries[0].rrname: www.wireshark.org
+      dns.queries[0].rrtype: A
+      dns.type: response
+      dns.version: 3
+      event_type: dns
+      pcap_cnt: 63
+      proto: UDP
+      src_ip: 192.168.2.16
+      src_port: 1920
+- filter:
+    requires:
+      lt-version: 8
     count: 1
     match:
       dest_ip: 192.168.2.1